Focus on Software

Internets, Intranets, LANs, WANs and
more. Frankly, I don't care how a system is connected, be it
Ethernet, Token Ring, FDDI, Frame Relay, dial-up PPP, wireless, ham
radio, satellite or two cans and a string. If it's connected to
something else, even intermittently, it's vulnerable. Recently, Red
Hat demonstrated to the world that installing unsecure, vulnerable
and, even worse, unnecessary services is a highly
security-challenged proposition to the Nth. I don't want to pick on
Red Hat; most distributions do similar security-challenged things.
But they shouldn't. For my money, no service should be turned on by
default, whether the customer asked for a full install or not. Even
worse, few distros explain logs and all they offer in their little
getting started book. The syslog files (/etc/syslog.conf and the
logs themselves) are not “black arts” stuff. They're just boring.
Or so we hope. If you have an intruder, or attempted intrusions,
these logs can be rather interesting. I've found myself on the edge
of my chair as I read through the logs, watching an intrusion and
wondering if this wannabe cracker or script kiddie is going to make
it in. Okay, so I'm eccentric. But I'm hoping a few offerings
centered on system logs might spark a little interest in a bunch of
dull log files.

The logtool utility is
another of those small things that sometimes go a long way. All
logtool does is colorize log entries. It makes the date-time stamp
one color, originating system another, the facility a third color
and the message itself a fourth color. This really breaks out a log
entry when you have a large number of them on the screen at one
time, making reading entries easier. Requires: glibc.

The name of this package is a bit of a misnomer. Yes, it does
do some log file correlations, but it also shows other things, like
currently logged in users (w), filesystem status (df -k), last dump
(/etc/dumpdates) and the logs. I would say it's more of a system
analysis tool. This won't replace other log file tools that search for
anomalies but will give an “executive overview” of a system.
Requires: Perl.

If you're running ipchains, netfilter or a Cisco firewall,
this utility can grep your logs and display statistics regarding
the traffic passing through (or even just to) your system. You must
generate the iptables/ipchains rules for logging (-j LOG in
iptables) whatever you want
fwlogwatch to look for. If you
enable netfilter debugging, it's like logging every single packet
you see. So I don't recommend that just because of the sheer volume
of logging, but it will definitely show you what your system is
seeing. Requires: glibc.
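
As an added example (not from the original column, and not fwlogwatch's own code), this Python script tallies netfilter LOG entries by source address and by destination service, the kind of summary described above. The log lines, the "INBOUND: " prefix, the host name and the addresses are constructed sample data.

```python
import re
from collections import Counter

# Constructed sample syslog text. The "INBOUND: " prefix assumes a rule such as
#   iptables -A INPUT -j LOG --log-prefix "INBOUND: "
# Host name "fw" and all addresses (documentation ranges) are made up.
SAMPLE_LOG = """\
Jan 12 03:14:07 fw kernel: INBOUND: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4711 DF PROTO=TCP SPT=40112 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 12 03:14:08 fw kernel: INBOUND: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4712 DF PROTO=TCP SPT=40113 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 12 03:14:09 fw kernel: INBOUND: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=4713 DF PROTO=TCP SPT=40114 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Jan 12 03:14:30 fw sshd[812]: Connection closed by 192.0.2.10
Jan 12 03:15:02 fw kernel: INBOUND: IN=eth0 OUT= SRC=203.0.113.77 DST=198.51.100.5 LEN=78 TOS=0x00 PREC=0x00 TTL=110 ID=991 PROTO=UDP SPT=137 DPT=137 LEN=58
Jan 12 03:15:05 fw kernel: INBOUND: IN=eth0 OUT= SRC=203.0.113.77 DST=198.51.100.5 LEN=84 TOS=0x00 PREC=0x00 TTL=110 ID=992 PROTO=ICMP TYPE=8 CODE=0 ID=300 SEQ=1
Jan 12 03:16:00 fw kernel: eth0: link up
"""

FIELD = re.compile(r"(\w+)=(\S*)")  # KEY=value pairs; the value may be empty (OUT=)

def parse_line(line):
    """Return the netfilter fields of a LOG-target line, or None for anything else."""
    _, sep, message = line.partition(" kernel: ")
    if not sep:
        return None  # written by some other program (sshd, cron, ...)
    fields = dict(FIELD.findall(message))
    if "SRC" not in fields or "PROTO" not in fields:
        return None  # a kernel message, but not a packet log entry
    return fields

def summarize(text):
    """Count logged packets per source address and per (protocol, destination port)."""
    by_source, by_service = Counter(), Counter()
    for line in text.splitlines():
        fields = parse_line(line)
        if fields is None:
            continue
        by_source[fields["SRC"]] += 1
        # ICMP entries carry TYPE/CODE instead of ports, so DPT may be absent.
        by_service[(fields["PROTO"], fields.get("DPT", "-"))] += 1
    return by_source, by_service

if __name__ == "__main__":
    sources, services = summarize(SAMPLE_LOG)
    for src, count in sources.most_common():
        print(f"{count:4d}  {src}")
    for (proto, port), count in services.most_common():
        print(f"{count:4d}  {proto}/{port}")
```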

This is another graphical utility used to show various
settings and loadings on your system. It is highly configurable and
modular, with modules that show apm, clock, CPU, disk status, mail,
memory, network status, serial status, swap, network IP, PCMCIA and
ppptime. Mix and match in any order you want, in one row across,
one row down or in various rows across. Want to just “fill a
hole”? Select the empty module. My only complaint is the inability
to resize the graphics, which look fine on a screen up to 1024 x
768 but are too small on a screen of 1600 x 1200. Requires: libX11,
libXpm, libdl, glibc.

This password generator can be configured to produce
pronounceable passwords as well as totally random “white noise”
passwords. apg can further check
these passwords against a dictionary file. This utility comes as a
standard program as well as a dæmon that can be run by
inetd to service requests on the
network (this may not be a good idea unless all network traffic is
encrypted). The author also provides separately a
tk utility to access and display
generated passwords. These two programs make short work of excuses
for bad passwords. Requires: glibc; tkapg also requires
Tcl/Tk.

This utility, designed to be run in a video terminal (VT),
shows the status of your PPP connection. All statistics are shown,
including IP address and a graphical display of throughput. It's
perfect if you have a system that acts as a firewall/dial-up. Its
one drawback is it doesn't have an option to lock the screen when
invoked so you can leave it up while unattended. Requires:
libncurses, glibc.

Any of you remember the old DOS (DR-DOS or MS-DOS) programs
like the Norton Window utility (the name slips my mind) that gave
you a window in DOS? How would you like a trip down memory lane?
Well, TWIN can provide you that trip. It can also provide you with
an extremely lightweight term window (or multiple term windows) on
one VT. Nice thing is, it also works in X if you're so inclined. I
think my laptop just became a non-X piece of hardware. Requires:
glibc.

If you are a realtor, or know any realtors, then this
software will be of interest. It claims to be simple enough for a
realtor to set up, and I imagine that means techn-eaderthal
realtors. Well, that may be a slight exaggeration but not much of
one. It will require that someone make adjustments to the index.php
page, but, beyond that, this is the simplest package to administer
I've seen in a while. I wish realtors had something like this set
up the last time I was looking for a house in the States. If you're
not in the US, you might need to make some adjustments (including
translations), but it would be a trivial undertaking. Requires: web
server with MySQL and PHP4, web browser.

Until next month.

David A. Bandel (dbandel@pananix.com) is a Linux/UNIX
consultant currently living in the Republic of Panama. He is
coauthor of Que Special Edition: Using Caldera OpenLinux.
